Security’s Role in Client to Cloud Networking
The networking industry is undergoing a metamorphosis. Modern networking operations teams are challenged to cope with multiple operational models. As attackers become better and better at breaching our defenses, security analysts are increasingly at the heart of a security organization. The operators are responsible for detecting, investigating and remediating potential breaches before they progress into brand, customer, financial and IP damage. This confluence of DevOps, NetOps, SecOps, and CloudOps demands persistent operations control. How do you cope with decades of security, threat and cyber detection done in reactive silos? What happens as more workloads move to the cloud? At Arista, we value our ecosystem of security partners, and networking must adapt to the new complex threats.
Network forensics platforms built on outdated architectures are difficult to adapt to today’s rapidly evolving security attacks. Legacy networks are often unreliable, unmanageable and unscalable, with storage for days and weeks when attackers lurked for months. Networks have become so large, complex and dynamic that understanding who owns what devices, where they are, and if they are doing something malicious, has become insurmountable without new tools.
Security operations teams are like understaffed police and fire departments, mandated to protect neighborhoods without the necessary safety equipment, while only equipped with a flashlight to search every smoke-filled house in the dark. These two worlds must deliver an overall environment of secure network visibility in their investigations across client to cloud logs, directories and assets for a more complete picture. Experts don’t have enough time, and organizations don’t have enough experts. A novel paradigm that is a far cry from the traditional approach to security is needed for the decade.
Network Detection & Response – The New Paradigm
Our customers’ CIO/CSOs need a complete and comprehensive network baseline of truth. Simply storing the raw data isn’t enough; as an industry we are already drowning in insufficient and incomprehensible data. A new class of Network Detection and Response (NDR) security is emerging and required. It must consume and provide usable, rich visibility into the environment and analyze it predictively. It complements many of today's Endpoint Detection and Response (EDR) offerings, such as CrowdStrike, and Security Information and Event Management (SIEM) offerings for log analysis, such as Splunk, to form the Security Operations Center (SOC) Visibility Triad as shown in the figure below.
Figure: The SOC Visibility Triad (defined by Gartner in 2019) consists of SIEM vendors for log analysis, EDR vendors for endpoint capture and NDR for analyzing and responding to network-based threats.
While many vendors are marketing their products as network-based NDR, the functionality of the products varies by marketing mileage. They are often based on legacy anomaly detection models or proprietary monitoring (such as NetFlow). Of course, these constrained and limiting ways do not gather or protect the information. New and novel NDR architectures, such as Awake Security, have recently emerged. Going well beyond mirrored interfaces, Awake’s goal is to bring customers proactive visibility and threat detection across client to cloud network traffic.
Introducing Awake’s AI-based Security
Arista is pleased to announce the next natural step in our M&A journey with the acquisition of Awake Security. Just as Arista redefined networking with Arista state-driven EOS in the 2010 era, we were immediately drawn to the disruptive security and AI-driven model developed by Awake Security for these compelling reasons:
- Best of Breed AI Security: Awake is AI-driven for proactive threat detection of IoT campus networks. AVA, Awake's virtual security analyst, is AI-driven for proactive threat detection. The cognitive processing begins when a packet is fed into the Awake sensor. The sensor feeds interesting attributes of packets and flows to develop a holistic picture of network and contextual activities. The ability to process packet information into communication patterns with actionable insights is a differentiating feature from traditional security solutions. Awake's advanced fingerprinting of activity patterns is not just for device communication but is also used to search for indicators of threat compromise or attack.
- Impressive Team: Awake’s CEO, Rahul, is a talented and intelligent security leader. The Co-Founders (Dash, Gary and Keith) have built a truly unique AI engine that is foundational and cognitive AI/ML based with overlays upon Arista’s network and data-driven analytics. Just about every member of the executive team, be it marketing, engineering, systems, threats, services or sales, has had a tremendous track record in the security industry and was hand-picked for the job.
- Cognitive Driven: Arista customers have been asking us for our direction in security. We wanted to offer a solution that solved real problems, yet respected our ecosystem of existing partnerships. The Awake synergy with Arista’s cognitive campus networks and enhanced observability is a natural combination of network and security adjacency.
- Compatible Culture: In a Covid world, M&A transactions are not easy as we miss the eye-to-eye contact and direct connections made in physical meetings. We overcame that through many collaboration sessions, and discovered our like-minded values with low ego, high smarts and compatible cultures. Venture capitalist luminaries, Asheem Chandna of Greylock and Enrique Salem of Bain Capital backed Awake’s dream over five years ago. They were steadfastly supportive of the entrepreneur’s wishes and their next chapter!
Arista and Awake: Secure Data Driven Networking
It is a difficult and confusing time in security for enterprises. Workloads are moving to the cloud. Threats are blurring the perimeter and trust boundaries are spanning from client to campus to cloud. The ability to distinguish data patterns is paramount to building cognitive workspaces, and this can only be done with security as a proactive tool, not an afterthought. Awake Security and Arista Networks are complementary technologies on several fronts. Arista’s Campus Flow Tracker can work synergistically with Big Switch DMF (DANZ Monitoring Fabric) for monitoring and Awake sensors to augment the threat detection for client to cloud networking. CloudVision and continued integration with our technology partners (Forescout, Okta, Palo Alto, Splunk, VMware, Zscaler) to remediate segmentation policies in cyber security is an ongoing journey.
Looking forward to 2021, I believe networking is on the cusp of an epic transformation in security with proactive detection and response embedded in the network. This new cognitive AI-driven foundation will transform security and campus networking to deliver uniformity across wired, wireless devices, users and the Internet of Things (IoT). Welcome to the next generation and decade of secure cognitive cloud networking.
It is time for change in security – the time is now!
Opinions expressed here are the personal opinions of the original authors, not of Arista Networks. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Arista Networks or any other party.